EncapsulateJay Profile

EncapsulateJay (@EncapsulateJ)

Followers: 117 | Following: 1K | Media: 20 | Statuses: 126

SOC Analyst @HuntressLabs

Joined February 2021
EncapsulateJay (@EncapsulateJ) · 6 days
Proud to work alongside these two 🔥 Congrats to you both!
Quoted tweet from Huntress (@HuntressLabs) · 6 days:
Congratulations to @RussianPanda9xx & @polygonben for having talks accepted at #defcon33! Follow these folks and if you're headed to @defcon put it on your to-do list to be in attendance!
[attached image]

EncapsulateJay (@EncapsulateJ) · 8 days
Best case scenario: send the VPN logs to a SIEM solution for safekeeping. VPN compromises are on the rise, and this will save you a lot of heartache in the heat of an incident.

EncapsulateJay (@EncapsulateJ) · 8 days
If not, some awkward conversations need to be had.

EncapsulateJay (@EncapsulateJ) · 8 days
If your organisation uses a third-party managed IT provider, and said IT provider says you have a shiny VPN with logging enabled, please challenge the provider to prove that the VPN logs are configured correctly. A trusted IT partner will be happy to do this.

EncapsulateJay (@EncapsulateJ) · 2 months
RT @CyberRaiju: details hundreds of publicly disclosed DLL Hijacking opportunities. With over 700 stars on GitHub a…

EncapsulateJay (@EncapsulateJ) · 3 months
RT @CyberRaiju: Sample deployed via low detection Octowave Loader caught:
- econusi[.]digital/nwmb. Interestingly lo…

EncapsulateJay (@EncapsulateJ) · 3 months
RT @sudo_Rem: Check out what @HuntressLabs has been busy with this weekend! If you're an IR/SOC analyst responding…
[link card: huntress.com] Huntress has observed in the wild exploitation against CVE-2025-30406, a weakness due to hardcoded cryptographic keys.

EncapsulateJay (@EncapsulateJ) · 3 months
Quality breakdown here from @xorJosh @Antonlovesdnb @Purp1eW0lf.
Quoted tweet from Anton (@Antonlovesdnb) · 3 months:
🚨 [ New blog ] out today with my 🐐 colleagues @xorJosh and @Purp1eW0lf - this case started with a simple brute force and ended with some really interesting findings - check it out!

EncapsulateJay (@EncapsulateJ) · 4 months
IOCs:
hxxps[:]//t680run[.]cfd/vr8DHkGqPInmyncl/1
hxxps[:]//t680run[.]cfd/wbxceTpV20sDchGn/1
hxxps[:]//t680run[.]cfd/KhbOIQRfvJEauW2K/1

EncapsulateJay (@EncapsulateJ) · 4 months
Obfuscated second stage:
[attached image]

EncapsulateJay (@EncapsulateJ) · 4 months
Straight out of the lab today, we observed a ClickFix malware campaign hosted on various .cfd domains using ProtWare’s HTML Guardian software to obfuscate the second stage payload:
[attached image]

EncapsulateJay (@EncapsulateJ) · 4 months
RT @_JohnHammond: We wrote up what @HuntressLabs has been seeing for the CrushFTP authentication bypass: CVE-2025-31161 (or CVE-2025-2825,…

EncapsulateJay (@EncapsulateJ) · 5 months
Special thanks to @xorJosh for the assistance on this investigation.

EncapsulateJay (@EncapsulateJ) · 5 months
IOCs continued:
NetSupport Primary C2 Domain - kidsman1[.]net
NetSupport Secondary C2 Domain - solofarm[.]duckdns[.]org

EncapsulateJay (@EncapsulateJ) · 5 months
IOCs:
Initial Lure Domain - magicvision[.]app
2nd Stage URL - hxxps[:]stats-lord[.]net/update[.]php
Binary - MagicVision_1.6.0_x64_v1.exe
SHA-256 Hash - 8df95c54c5dc1c4f7bdeebab19fd0b7feba4ddfe26305e679de01a56cf31dbaa

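Added example (not part of any post on this page, and not Huntress code): a small Python script that refangs the defanged indicators published in the NetSupport thread above and in the ClickFix IOC post, and checks them against a handful of constructed proxy, DNS and EDR log lines. The log lines and their field names are invented for illustration; the indicators are the ones the posts list.

```python
import re

# Indicators exactly as published (defanged) in the posts on this page.
DEFANGED_IOCS = [
    "hxxps[:]//t680run[.]cfd/vr8DHkGqPInmyncl/1",
    "hxxps[:]//t680run[.]cfd/wbxceTpV20sDchGn/1",
    "hxxps[:]//t680run[.]cfd/KhbOIQRfvJEauW2K/1",
    "magicvision[.]app",
    "hxxps[:]stats-lord[.]net/update[.]php",
    "kidsman1[.]net",
    "solofarm[.]duckdns[.]org",
]
SHA256_IOCS = {"8df95c54c5dc1c4f7bdeebab19fd0b7feba4ddfe26305e679de01a56cf31dbaa"}

# Constructed sample log lines (proxy, DNS and EDR style). Timestamps, users,
# hosts and field names are invented for this example.
SAMPLE_LOG = [
    "2025-01-10T09:12:01Z proxy user=alice dst=https://magicvision.app/download/MagicVision_1.6.0_x64_v1.exe status=200",
    "2025-01-10T09:13:44Z proxy user=alice dst=https://stats-lord.net/update.php status=200",
    "2025-01-10T09:14:02Z dns client=10.0.0.5 query=kidsman1.net type=A",
    "2025-01-10T09:14:30Z dns client=10.0.0.5 query=notkidsman1.net type=A",
    "2025-01-10T09:15:00Z edr host=ws01 file=MagicVision_1.6.0_x64_v1.exe sha256=8df95c54c5dc1c4f7bdeebab19fd0b7feba4ddfe26305e679de01a56cf31dbaa",
    "2025-01-10T09:16:00Z proxy user=bob dst=https://example.com/ status=200",
]


def refang(ioc):
    """Turn a defanged indicator back into its real form so it can be compared with log data."""
    s = ioc.strip()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")
    s = s.replace("[://]", "://").replace("[:]", ":")
    s = re.sub(r"^hxxp(s?)", r"http\1", s, flags=re.IGNORECASE)
    # Some publishers drop the slashes after the scheme ("hxxps[:]host/path"); restore them.
    s = re.sub(r"^(https?):(?!//)", r"\1://", s, flags=re.IGNORECASE)
    return s


def hostname(url_or_host):
    """Extract the hostname from a refanged URL, or return a bare host unchanged (lowercased)."""
    m = re.match(r"^[a-z]+://([^/]+)", url_or_host, flags=re.IGNORECASE)
    return (m.group(1) if m else url_or_host).lower()


def build_indicator_sets(defanged):
    """Split the published indicators into a set of full URLs and a set of hostnames."""
    urls, hosts = set(), set()
    for raw in defanged:
        clean = refang(raw)
        if "://" in clean:
            urls.add(clean.lower())
        hosts.add(hostname(clean))
    return urls, hosts


def scan_log(lines, urls, hosts, hashes):
    """Return one hit per log line that contains a known URL, hostname or SHA-256 digest."""
    hits = []
    for number, line in enumerate(lines, 1):
        low = line.lower()
        match = None
        for url in sorted(urls):
            if url in low:
                match = ("url", url)
                break
        if match is None:
            for host in sorted(hosts):
                # Hostname boundaries: 'notkidsman1.net' must not count as 'kidsman1.net'.
                pattern = r"(?<![a-z0-9.-])" + re.escape(host) + r"(?![a-z0-9-])"
                if re.search(pattern, low):
                    match = ("host", host)
                    break
        if match is None:
            for digest in hashes:
                if digest.lower() in low:
                    match = ("sha256", digest)
                    break
        if match is not None:
            hits.append({"line": number, "kind": match[0], "indicator": match[1]})
    return hits


def scan_sample():
    """Convenience wrapper: run the constructed sample log against the published indicators."""
    urls, hosts = build_indicator_sets(DEFANGED_IOCS)
    return scan_log(SAMPLE_LOG, urls, hosts, SHA256_IOCS)


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"line {hit['line']}: {hit['kind']} match on {hit['indicator']}")
```

The hostname check uses explicit boundary lookarounds rather than a plain substring test, so a look-alike domain such as the constructed notkidsman1.net in the sample does not produce a false hit; URL matches take precedence over bare-host matches so each line is reported once.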
EncapsulateJay (@EncapsulateJ) · 5 months
During the final stage of this malware chain, a renamed version of 7z.exe (zz.exe) is downloaded to the host and used to unzip the contents of “b.vue”, which was an archive file that contained the NetSupport RAT:
[attached image]

EncapsulateJay (@EncapsulateJ) · 5 months
As a result of this interaction, the malware makes network connections to the URL hxxps[:]stats-lord[.]net/update[.]php to read the second stage payload:
[attached image]

EncapsulateJay (@EncapsulateJ) · 5 months
An end user downloads the executable “MagicVision_1.6.0_x64_v1.exe” from the domain magicvision[.]app:
[attached image]

EncapsulateJay (@EncapsulateJ) · 5 months
We have identified a malware campaign posing as a generative AI application to deliver NetSupport RAT. We observed that the threat actor made various press releases in an attempt to legitimise this campaign:
[link card: globenewswire.com] LONDON, Dec. 13, 2024 (GLOBE NEWSWIRE) -- Magic Vision, an AI-powered platform for digital media creation, officially launches today. The platform...